It is quite common to treat virtualized machines and their supporting infrastructure as simply another physical server on the network. In fact, transparency between physical and virtual systems is one of the strong selling points when looking at any virtual solution. However, when it comes to policy creation, security controls, and management of a virtualized infrastructure, there are additional areas that must be addressed.
Regardless of the virtualized hypervisors in the environment, i.e. VMware ESX/ESXi, Citrix XenServer, Microsoft Virtual Server/Hyper-V or other, this service provides the customer with the analysis necessary to protect all facets of a virtualized infrastructure. Included are areas related to access control, the application of least privilege, data protection, secure network configuration, disaster recovery planning and testing, and threat analysis. The goal of the assessment is to identify security gaps and develop remediation strategies.
Sword & Shield Approach
Sword & Shield security consultants will perform a detailed analysis of the virtualized environment. The analysis includes:
- A full review of the existing physical and logical construct related to virtualization
- An inventory of hypervisor hosts along with the virtual machines running on the hosts
- Conduct a thorough review of security policies and detailed security and administrative practices specific to virtualization. The review will include the following:
- Physical security
- Network security zones
- Power failure conditions
- Remote root account access through SSH
- Properly segregated virtual machine data stores
- Access to virtual machine flat files
- Disaster recovery
- Mis-configured High Availability (HA) features
- Virtual machine sprawl
- Patch management for hypervisor hosts
- Hardening of system templates
- Granular permissions control review
Questions Our Report Will Answer
- Does the existing virtual infrastructure allow for distinct separation between hypervisor, management tool and virtual machine networks?
- How physically secure is the virtual servers? Unauthorized access to hypervisor host can affect many servers.
- Are the hosts protected from power loss and are the VM’s configured for a controlled orderly shutdown in the event of an extended power outage?
- Has the remote root account access through SSH been enabled for convenience?
- Is there a dedicated VM designated as a storage management node or another form of management node?
- Does your access control to virtual storage consider that VMs are files containing flat files can be easily be copied, changed or deleted?
- What mechanisms are in place to ensure that operations can quickly be restored in the event of hypervisor host failures?
- Is there a policy in place to backup hypervisor hosts or has this been deemed an acceptable risk?
- What is the strategy for backing up and restoring VMs?
- How are your High Availability (HA) hypervisors and VM servers configured?
- Do you know who within your organization can create a VM and join it to the existing network? Are the necessary controls in place to prevent virtual machine sprawl from happening?
- It is common for virtual machines to receive patching through WSUS, SMS, Shavlik or other patching solution but what is your patch strategy for the hypervisors? Do you have a policy or employ a technology to ensure the hypervisors receive timely patches to offset emerging threats.
- Do you use hardening of systems templates?
- Have you established more granular security controls within the virtualized framework to limit administrative access to the data in the virtual environment?
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885